[Openstack-security] [openstack/python-keystoneclient] SecurityImpact review request change Iae94329e7abd105bf95224d28f39f4b746b9eb70

Jeffrey Walton noloader at gmail.com
Thu Sep 12 04:03:59 UTC 2013


>     This adds the ability to specify a CA file that will be used to verify
>     HTTPS connections or insecure to specifically ignore HTTPS validation.
CA file is good, especially if the organization is running its own PKI.

I'm not sure about the other state: no CA means plain text everything.

I'm wondering if a better choice would be to generate a self-signed on
the fly to provide better than nothing security (BTNS).

For those who insist on plain text connections, make them shoot
themselves in the foot by altering a configuration file.

(Sorry about the Gerrit reply. I don't know how to comment on a
concept rather than a particular source file).

On Wed, Sep 11, 2013 at 10:07 PM,  <gerrit2 at review.openstack.org> wrote:
>
> Hi, I'd like you to take a look at this patch for potential
> SecurityImpact.
> https://review.openstack.org/34161
>
> Log:
> commit 20e166fd8a943ee3f91ba362a47e9c14c7cc5f4c
> Author: Jamie Lennox <jlennox at redhat.com>
> Date:   Mon Aug 12 13:12:27 2013 +1000
>
>     Replace HttpConnection in auth_token with Requests
>
>     Requests is becoming the standard way of doing http communication, it
>     also vastly simplifies adding other authentication mechanisms. Use it in
>     the auth_token middleware.
>
>     This adds the ability to specify a CA file that will be used to verify
>     HTTPS connections or insecure to specifically ignore HTTPS validation.
>
>     SecurityImpact
>     DocImpact
>     Partial-Bug: #1188189
>     Change-Id: Iae94329e7abd105bf95224d28f39f4b746b9eb70
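The commit message above names two settings, a CA file and an "insecure" flag. The following is an added example (not code from python-keystoneclient or from the change under review) that maps those two settings, plus the case where neither is given, onto the value Requests accepts as `verify=` and onto the equivalent `ssl.SSLContext` state, so the effect of each choice can be inspected offline. The function and parameter names are assumptions; the path used for the missing-file case is a constructed placeholder.

```python
# Added example, not code from python-keystoneclient or the reviewed change.
# It shows what each of the three option states means for TLS verification
# and fails closed when a configured CA bundle cannot be read.
import os
import ssl


def requests_verify_arg(cafile=None, insecure=False):
    """Return what a Requests call would be given as ``verify=``.

    insecure=True  -> False: TLS is still negotiated, but the server
                      certificate is never checked, so the peer is not
                      authenticated.
    cafile set     -> the path: validate against that bundle only (an
                      organisation running its own PKI).
    neither        -> True: validate against the default CA store.
    """
    if insecure:
        return False
    if cafile:
        if not os.path.isfile(cafile):
            # Fail closed: a missing bundle must not silently degrade
            # into "no validation".
            raise FileNotFoundError("CA file not found: %s" % cafile)
        return cafile
    return True


def describe_verification(verify):
    """Build the ssl.SSLContext that corresponds to a ``verify`` value and
    report its verification state as plain values."""
    ctx = ssl.create_default_context()
    if verify is False:
        # check_hostname must be cleared before verify_mode can be CERT_NONE.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    elif verify is not True:
        # A private CA bundle: trust only the certificates it contains.
        ctx.load_verify_locations(cafile=verify)
    if verify is True:
        trust = "default store"
    elif verify is False:
        trust = "none"
    else:
        trust = "cafile"
    return {
        "verify_mode": "CERT_NONE" if ctx.verify_mode == ssl.CERT_NONE
                       else "CERT_REQUIRED",
        "check_hostname": ctx.check_hostname,
        "trust": trust,
    }


if __name__ == "__main__":
    for opts in ({}, {"insecure": True}):
        v = requests_verify_arg(**opts)
        print(opts, "->", v, describe_verification(v))
```

The point worth checking in a deployment is the middle row of the docstring: `insecure` yields `verify_mode == CERT_NONE`, which is detectable in configuration review, whereas an absent or unreadable CA file should raise rather than quietly fall through to the same state.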
